Add watchtower, fixes and prepare for new caddy handling

2022-08-06 02:05:08 +02:00 · 2022-08-06 02:05:08 +02:00 · 29f31783f5
commit 29f31783f5
parent a594e5d083
14 changed files with 213 additions and 42 deletions
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -4,6 +4,8 @@ services:
  server:
    image: gitea/gitea:1.17
    container_name: gitea
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
    - .env
    - .secret.env
@ -16,6 +18,14 @@ services:
      - "3000:3000"
      - "3022:22"
      - "22:22"
+    networks:
+      services:
+        aliases:
+          - gitea

 volumes:
  data:
+
+networks:
+  services:
+    external: true
--- a/monitoring/docker-compose.yml
+++ b/monitoring/docker-compose.yml
@ -2,8 +2,10 @@ version: '3'

 services:
  grafana:
-    image: grafana/grafana
+    image: grafana/grafana:latest
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
@ -12,5 +14,14 @@ services:
    user: "104"
    ports:
      - 3001:3000/tcp
+    networks:
+      services:
+        aliases:
+          - grafana
+
 volumes:
  grafana-data:
+
+networks:
+  services:
+    external: true
--- a/nginx_proxy_manager/docker-compose.yml
+++ b/nginx_proxy_manager/docker-compose.yml
@ -1,14 +0,0 @@
-version: '3'
-services:
-  app:
-    image: 'jc21/nginx-proxy-manager:latest'
-    restart: unless-stopped
-    ports:
-      - '80:80'
-      - '443:443'
-      - '81:81'
-    volumes:
-      - data:/data
-      - /etc/letsencrypt:/etc/letsencrypt
-volumes:
-  data:
--- a/synapse/docker-compose.yml
+++ b/synapse/docker-compose.yml
@ -5,20 +5,31 @@ services:
  synapse:
    image: docker.io/matrixdotorg/synapse:latest
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    environment:
      - SYNAPSE_CONFIG_PATH=/data/
    volumes:
      - ./data:/data
      - media_store:/media_store
-    ports:
-      - 8008:8008/tcp
+    networks:
+      services:
+        aliases:
+          - synapse

  synapse-admin:
    image: awesometechnologies/synapse-admin:latest
    restart: always
-    ports:
-      - "8009:80"
-    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+    networks:
+      services:
+        aliases:
+          - synapse-admin

 volumes:
  media_store:
+
+networks:
+  services:
+    external: true
--- a/tandoor/docker-compose.yml
+++ b/tandoor/docker-compose.yml
@ -3,6 +3,8 @@ services:
  web_recipes:
    image: vabene1111/recipes
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
@ -10,12 +12,14 @@ services:
      - staticfiles:/opt/recipes/staticfiles
      - nginx_config:/opt/recipes/nginx/conf.d
      - mediafiles:/opt/recipes/mediafiles
+    networks:
+      tandoor:

  nginx_recipes:
    image: nginx:mainline-alpine
    restart: always
-    ports:
-      - 3017:80
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
@ -25,8 +29,18 @@ services:
      - nginx_config:/etc/nginx/conf.d:ro
      - staticfiles:/static
      - mediafiles:/media
+    networks:
+      tandoor:
+      services:
+        aliases:
+          - tandoor

 volumes:
  nginx_config:
  staticfiles:
  mediafiles:
+
+networks:
+  tandoor:
+  services:
+    external: true
--- a/tt-rss/.env
+++ b/tt-rss/.env
@ -13,5 +13,3 @@ TTRSS_SELF_URL_PATH=https://rss.serguzim.me/tt-rss/
 # TTRSS_SESSION_COOKIE_LIFETIME=2592000
 # TTRSS_FORCE_ARTICLE_PURGE=30
 # etc, etc.
-
-HTTP_PORT=8280
--- a/tt-rss/docker-compose.yml
+++ b/tt-rss/docker-compose.yml
@ -4,15 +4,23 @@ services:
  app:
    image: cthulhoo/ttrss-fpm-pgsql-static
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
    volumes:
      - app:/var/www/html
+    networks:
+      tt-rss:
+        aliases:
+          - tt-rss-app

  updater:
    image: cthulhoo/ttrss-fpm-pgsql-static
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
@ -21,16 +29,29 @@ services:
    depends_on:
      - app
    command: /opt/tt-rss/updater.sh
+    networks:
+      tt-rss:

  web-nginx:
    image: cthulhoo/ttrss-web-nginx
    restart: always
-    ports:
-      - ${HTTP_PORT}:80
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    volumes:
      - app:/var/www/html:ro
+      - ./nginx.conf:/etc/nginx/nginx.conf
    depends_on:
      - app
+    networks:
+      tt-rss:
+      services:
+        aliases:
+          - tt-rss

 volumes:
  app:
+
+networks:
+  tt-rss:
+  services:
+    external: true
--- a/tt-rss/nginx.conf
+++ b/tt-rss/nginx.conf
@ -0,0 +1,61 @@
+worker_processes auto;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+	include /etc/nginx/mime.types;
+	default_type  application/octet-stream;
+
+	access_log /dev/stdout;
+	error_log /dev/stderr warn;
+
+	sendfile on;
+
+	index index.php;
+
+	upstream app {
+		server tt-rss-app:9000;
+	}
+
+	server {
+		listen 80;
+		listen [::]:80;
+
+		root /var/www/html;
+
+		location /tt-rss/cache {
+			aio threads;
+			internal;
+		}
+
+		location /tt-rss/backups {
+			internal;
+		}
+
+		location ~ \.php$ {
+			# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+			fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+			# Check that the PHP script exists before passing it
+			try_files $fastcgi_script_name =404;
+
+			# Bypass the fact that try_files resets $fastcgi_path_info
+			# see: http://trac.nginx.org/nginx/ticket/321
+			set $path_info $fastcgi_path_info;
+			fastcgi_param PATH_INFO $path_info;
+
+			fastcgi_index index.php;
+			include fastcgi.conf;
+
+			fastcgi_pass app;
+		}
+
+		location / {
+			try_files $uri $uri/ =404;
+		}
+
+	}
+}
--- a/umami/docker-compose.yml
+++ b/umami/docker-compose.yml
@ -1,10 +1,18 @@
 version: '3'
 services:
-  umami:
-    image: ghcr.io/mikecao/umami:postgresql-latest
-    ports:
-      - "3013:3000"
+  app:
+    image: docker.umami.is/umami-software/umami:postgresql-latest
+    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
-    restart: always
+    networks:
+      services:
+        aliases:
+          - umami
+
+networks:
+  services:
+    external: true
--- a/watchtower/.env
+++ b/watchtower/.env
@ -0,0 +1,11 @@
+WATCHTOWER_LABEL_ENABLE=true
+WATCHTOWER_CLEANUP=true
+
+WATCHTOWER_NOTIFICATIONS=email
+WATCHTOWER_NOTIFICATION_EMAIL_FROM=watchtower@serguzim.me
+WATCHTOWER_NOTIFICATION_EMAIL_TO=tobias@msrg.cc
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.serguzim.me
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=watchtower@serguzim.me
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=
+WATCHTOWER_NOTIFICATION_EMAIL_DELAY=5
--- a/watchtower/docker-compose.yml
+++ b/watchtower/docker-compose.yml
@ -0,0 +1,11 @@
+version: "3"
+
+services:
+  watchtower:
+    image: containrrr/watchtower
+    restart: always
+    env_file:
+      - .env
+      - .secret.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
--- a/webdis/docker-compose.yml
+++ b/webdis/docker-compose.yml
@ -2,21 +2,28 @@ services:
  webdis:
    image: nicolas/webdis:latest
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    command: /usr/local/bin/webdis /config/webdis.json
    volumes:
      - ./webdis.json:/config/webdis.json
    networks:
-      - shared
+      local-net:
+      services:
+        aliases:
+          - webdis
    depends_on:
      - redis
-    ports:
-      - "127.0.0.1:7379:7379"

  redis:
    image: redis:6.2.6
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    networks:
-      - shared
+      local-net:

 networks:
-  shared:
+  local-net:
+  services:
+    external: true
--- a/wiki-js/docker-compose.yml
+++ b/wiki-js/docker-compose.yml
@ -1,11 +1,19 @@
 version: '3'

 services:
-  wiki-js:
+  app:
    image: requarks/wiki
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
-    ports:
-      - 3003:3000/tcp
+    networks:
+      services:
+        aliases:
+          - wiki-js
+
+networks:
+  services:
+    external: true
--- a/woodpecker/docker-compose.yml
+++ b/woodpecker/docker-compose.yml
@ -4,16 +4,23 @@ services:
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:latest
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
    env_file:
      - .env
      - .secret.env
-    ports:
-      - 3500:8000
+    networks:
+      local-net:
+      services:
+        aliases:
+          - woodpecker

  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:latest
-    command: agent
    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+    command: agent
    env_file:
      - .env
      - .secret.env
@ -23,3 +30,10 @@ services:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WOODPECKER_SERVER: "woodpecker-server:9000"
+    networks:
+      local-net:
+
+networks:
+  local-net:
+  services:
+    external: true